CHISSP Healthcare IT Network Security & Access Control

Question 1

Which network segmentation strategy is most commonly recommended to isolate medical devices from general hospital IT systems?

Accepted Answer

VLAN-based segmentation with strict ACLs

Answer

Physical air-gapping of all clinical devices

Answer

Using a single flat network with host-based firewalls

Answer

Implementing NAT for all medical device traffic

Question 2

A hospital's EHR system must enforce the 'minimum necessary' access principle. Which access control model best supports this requirement?

Accepted Answer

Role-Based Access Control (RBAC)

Answer

Discretionary Access Control (DAC)

Answer

Mandatory Access Control (MAC)

Answer

Rule-Based Access Control (RuBAC)

Question 3

Under NIST guidelines, what is the primary purpose of implementing 802.1X port-based authentication on a healthcare network?

Accepted Answer

To ensure only authenticated devices connect to network segments

Answer

To encrypt data transmitted between medical devices

Answer

To monitor bandwidth usage by clinical applications

Answer

To assign IP addresses dynamically to medical devices

Question 4

A healthcare organization wants to reduce the attack surface of its patient portal. Which principle should guide the configuration of the web application firewall?

Accepted Answer

Deny all traffic by default and allow only required application functions

Answer

Allow all traffic by default and block known malicious patterns

Answer

Block traffic from foreign IP addresses exclusively

Answer

Allow authenticated users unrestricted access to all portal features

Question 5

Which authentication mechanism provides the strongest security for remote access to a healthcare organization's clinical systems?

Accepted Answer

Multi-factor authentication combining something you know and something you have

Answer

Username and password with complexity requirements

Answer

Biometric fingerprint authentication alone

Answer

Single sign-on with a shared administrative account

Question 6

When deploying wireless networks in a healthcare facility, which protocol is considered minimum acceptable for securing patient data transmitted over Wi-Fi?

Accepted Answer

WPA2 with AES-CCMP

Answer

WEP (Wired Equivalent Privacy)

Answer

WPA (Wi-Fi Protected Access)

Answer

WPA3 is required; no other protocol is acceptable

Question 7

A security analyst detects repeated failed login attempts against the hospital's VPN concentrator from external IP addresses. What is the BEST immediate response?

Accepted Answer

Implement account lockout policies and geo-IP blocking where feasible

Answer

Disable the VPN service until the source is identified

Answer

Increase the VPN session timeout to reduce login frequency

Answer

Switch from certificate-based to password-based VPN authentication